_JHVEPhoto_alamy.jpg?disable=upscale&width=1200&height=630&fit=crop "Security Upgrades Offered for 3 HPE Aruba Networking Bugs")
HPE Aruba Networking recently addressed three critical vulnerabilities within its systems that could potentially allow unauthenticated attackers to execute remote code on compromised devices. The vulnerabilities, identified as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507, are located within the command line interface (CLI) service of Aruba access points (APs). Attackers could exploit these vulnerabilities by sending packets to Aruba’s AP management protocol UDP port, thereby gaining privileged access and executing arbitrary code.
According to reports from the Hewlett Packard Enterprise subsidiary, the security bugs impact Aruba APs running Instant AOS-8 and AOS-10. The affected software versions include AOS-10.6.x.x: 10.6.0.2 and below, AOS-10.4.x.x: 10.4.1.3 and below, Instant AOS-8.12.x.x: 8.12.0.1 and below, and Instant AOS-8.10.x.x: 8.10.0.13 and below.
While there are workarounds available for devices running Instant AOS-8.x code and AOS-10, administrators are strongly advised to install the latest updates provided by HPE on its networking support portal as a precaution against potential attacks from malicious actors. Notably, other Aruba products like Networking Mobility Conductors, Mobility Controllers, and SD-WAN Gateways have not been impacted by these vulnerabilities.
As of now, there have been no reported instances of these flaws being exploited in the wild, and there are currently no public exploit codes available, according to the HPE Security Response Team. This indicates that the vulnerabilities have not yet been leveraged by threat actors for malicious purposes.
In response to these vulnerabilities, HPE Aruba Networking has taken swift action to address the issue and provide necessary updates to safeguard its customers’ devices. By promptly releasing patches and recommending proactive measures for administrators to mitigate risks, HPE demonstrates its commitment to ensuring the security and integrity of its products and services.
Overall, the timely identification and resolution of these critical vulnerabilities underline the importance of continuous vigilance and proactive security measures in the ever-evolving landscape of cybersecurity threats. It is imperative for organizations to stay informed about potential risks, promptly apply security updates, and implement robust security protocols to mitigate the impact of vulnerabilities and defend against malicious attacks.